hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10379) Protect authentication cookies with the HttpOnly and Secure flags
Date Tue, 04 Mar 2014 04:31:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13919005#comment-13919005

Hadoop QA commented on HADOOP-10379:

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified
test files.

    {color:red}-1 javac{color:red}.  The patch appears to cause the build to fail.

Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3624//console

This message is automatically generated.

> Protect authentication cookies with the HttpOnly and Secure flags
> -----------------------------------------------------------------
>                 Key: HADOOP-10379
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10379
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Haohui Mai
>            Assignee: Haohui Mai
>         Attachments: HADOOP-10379.000.patch
> Browser vendors have adopted proposals to enhance the security of HTTP cookies. For example,
the server can mark a cookie as {{Secure}} so that it will not be transfer via plain-text
HTTP protocol, and the server can mark a cookie as {{HttpOnly}} to prohibit the JavaScript
to access that cookie.
> This jira proposes to adopt these flags in Hadoop to protect the HTTP cookie used for
authentication purposes.

This message was sent by Atlassian JIRA

View raw message